Upgrade to Tomcat 9.0.75

Closes gh-35540
2.6.x
Andy Wilkinson 2 years ago
parent 2e8ec62cd4
commit 47f1fc57d9

@ -5,6 +5,6 @@ org.gradle.parallel=true
org.gradle.jvmargs=-Xmx2g -Dfile.encoding=UTF-8
kotlinVersion=1.6.21
tomcatVersion=9.0.69
tomcatVersion=9.0.75
kotlin.stdlib.default.dependency=false

@ -1,5 +1,5 @@
/*
* Copyright 2012-2022 the original author or authors.
* Copyright 2012-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -959,8 +959,13 @@ public class ServerProperties {
+ "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16
+ "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16
+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
+ "100\\.6[4-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 100.64.0.0/10
+ "100\\.[7-9]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" // 100.64.0.0/10
+ "100\\.1[0-1]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" // 100.64.0.0/10
+ "100\\.12[0-7]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 100.64.0.0/10
+ "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
+ "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
+ "0:0:0:0:0:0:0:1|::1";
/**

@ -201,6 +201,7 @@ public class TomcatWebServerFactoryCustomizer
factory.addConnectorCustomizers((connector) -> connector.setProperty("relaxedQueryChars", relaxedChars));
}
@SuppressWarnings("deprecation")
private void customizeRejectIllegalHeader(ConfigurableTomcatWebServerFactory factory, boolean rejectIllegalHeader) {
factory.addConnectorCustomizers((connector) -> {
ProtocolHandler handler = connector.getProtocolHandler();

@ -331,8 +331,13 @@ class TomcatWebServerFactoryCustomizerTests {
+ "192\\.168\\.\\d{1,3}\\.\\d{1,3}|" // 192.168/16
+ "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16
+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|" // 127/8
+ "100\\.6[4-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 100.64.0.0/10
+ "100\\.[7-9]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" // 100.64.0.0/10
+ "100\\.1[0-1]{1}\\d{1}\\.\\d{1,3}\\.\\d{1,3}|" // 100.64.0.0/10
+ "100\\.12[0-7]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 100.64.0.0/10
+ "172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" //
+ "172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
+ "172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|" // 172.16/12
+ "0:0:0:0:0:0:0:1|::1";
assertThat(remoteIpValve.getInternalProxies()).isEqualTo(expectedInternalProxies);
}
@ -351,6 +356,7 @@ class TomcatWebServerFactoryCustomizerTests {
}
@Test
@SuppressWarnings("deprecation")
void testCustomizeRejectIllegalHeader() {
bind("server.tomcat.reject-illegal-header=false");
customizeAndRunServer((server) -> assertThat(

@ -1,5 +1,5 @@
/*
* Copyright 2012-2022 the original author or authors.
* Copyright 2012-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -35,10 +35,12 @@ final class TldPatterns {
Set<String> skipPatterns = new LinkedHashSet<>();
skipPatterns.add("annotations-api.jar");
skipPatterns.add("ant-junit*.jar");
skipPatterns.add("ant-launcher.jar");
skipPatterns.add("ant.jar");
skipPatterns.add("ant-launcher*.jar");
skipPatterns.add("ant*.jar");
skipPatterns.add("asm-*.jar");
skipPatterns.add("aspectj*.jar");
skipPatterns.add("bcel*.jar");
skipPatterns.add("biz.aQute.bnd*.jar");
skipPatterns.add("bootstrap.jar");
skipPatterns.add("catalina-ant.jar");
skipPatterns.add("catalina-ha.jar");
@ -51,6 +53,7 @@ final class TldPatterns {
skipPatterns.add("commons-beanutils*.jar");
skipPatterns.add("commons-codec*.jar");
skipPatterns.add("commons-collections*.jar");
skipPatterns.add("commons-compress*.jar");
skipPatterns.add("commons-daemon.jar");
skipPatterns.add("commons-dbcp*.jar");
skipPatterns.add("commons-digester*.jar");
@ -92,6 +95,8 @@ final class TldPatterns {
skipPatterns.add("mail*.jar");
skipPatterns.add("objenesis-*.jar");
skipPatterns.add("oraclepki.jar");
skipPatterns.add("org.hamcrest.core_*.jar");
skipPatterns.add("org.junit_*.jar");
skipPatterns.add("oro-*.jar");
skipPatterns.add("servlet-api-*.jar");
skipPatterns.add("servlet-api.jar");
@ -110,6 +115,7 @@ final class TldPatterns {
skipPatterns.add("tomcat-util.jar");
skipPatterns.add("tomcat-websocket.jar");
skipPatterns.add("tools.jar");
skipPatterns.add("unboundid-ldapsdk-*.jar");
skipPatterns.add("websocket-api.jar");
skipPatterns.add("wsdl4j*.jar");
skipPatterns.add("xercesImpl.jar");
@ -117,6 +123,7 @@ final class TldPatterns {
skipPatterns.add("xmlParserAPIs-*.jar");
skipPatterns.add("xmlParserAPIs.jar");
skipPatterns.add("xom-*.jar");
TOMCAT_SKIP = Collections.unmodifiableSet(skipPatterns);
}

Loading…
Cancel
Save